{
 "cells": [
  {
   "cell_type": "markdown",
   "metadata": {},
   "source": [
    "## Encryption Analysis Base Code\n",
    "\n",
    "INPUT: a pcap file\n",
    "\n",
    "OUTPUT: a CSV file \n",
    "\n",
    "### Examples\n",
    "**Step 1. Read pcap data and convert into JSON format**"
   ]
  },
  {
   "cell_type": "code",
   "execution_count": 1,
   "metadata": {},
   "outputs": [],
   "source": [
    "import os \n",
    "\"\"\"\n",
    "Input is a pcap file\n",
    "\"\"\"\n",
    "in_file = \"sample.pcap\"\n",
    "\"\"\"\n",
    "csv header: ip_src,ip_dst,srcport,dstport,tp_proto,data_proto,data_type,data_len,entropy,reason\n",
    "\"\"\"\n",
    "out_file = \"sample.csv\"\n",
    "\"\"\"\n",
    "ek_file: Newline-delimited JSON format for bulk import into Elasticsearch \n",
    "according to the option -T ek of https://www.wireshark.org/docs/man-pages/tshark.html\n",
    "\"\"\" \n",
    "ek_file = \"sample.json\""
   ]
  },
  {
   "cell_type": "code",
   "execution_count": 2,
   "metadata": {},
   "outputs": [
    {
     "name": "stdout",
     "output_type": "stream",
     "text": [
      "Running tshark -r sample.pcap -T ek -x > sample.json\n",
      " ... wait for the return code to be 0. \n"
     ]
    },
    {
     "data": {
      "text/plain": [
       "0"
      ]
     },
     "execution_count": 2,
     "metadata": {},
     "output_type": "execute_result"
    }
   ],
   "source": [
    "# this is calling from the python script, one could run this via command directly \n",
    "cmd_bash = 'tshark -r %s -T ek -x > %s' % (in_file, ek_file)\n",
    "print('Running %s\\n ... wait for the return code to be 0. ' % cmd_bash)\n",
    "os.system(cmd_bash) "
   ]
  },
  {
   "cell_type": "markdown",
   "metadata": {},
   "source": [
    "*Note: Due to the large size of the generated JSON file (100+ MB), we do not put it in the repo. You can generate the file by either running this notebook or running `encryption.sh`.* \n",
    "\n",
    "**Step 2. Compute the entropy and determine data type**  \n",
    "Data type values: `unknown`, `text`, `encrypted`, `media`."
   ]
  },
  {
   "cell_type": "code",
   "execution_count": 3,
   "metadata": {},
   "outputs": [
    {
     "name": "stdout",
     "output_type": "stream",
     "text": [
      "Running python3 shrink_compute.py sample.json sample.csv \n",
      " ... wait for the return code to be 0. \n"
     ]
    },
    {
     "data": {
      "text/plain": [
       "0"
      ]
     },
     "execution_count": 3,
     "metadata": {},
     "output_type": "execute_result"
    }
   ],
   "source": [
    "# call the script to compute entropy\n",
    "# python3 shrink_compute.py ${ek_file} \".\" ${out_file}\n",
    "cmd_python = 'python3 shrink_compute.py %s %s' % (ek_file, out_file)\n",
    "print('Running %s \\n ... wait for the return code to be 0. '% cmd_python)\n",
    "os.system(cmd_python)"
   ]
  },
  {
   "cell_type": "code",
   "execution_count": 4,
   "metadata": {},
   "outputs": [
    {
     "name": "stdout",
     "output_type": "stream",
     "text": [
      "Results written to \"sample.csv\".\n"
     ]
    }
   ],
   "source": [
    "print(\"Results written to \\\"%s\\\".\" % out_file)"
   ]
  }
 ],
 "metadata": {
  "kernelspec": {
   "display_name": "Python 3",
   "language": "python",
   "name": "python3"
  },
  "language_info": {
   "codemirror_mode": {
    "name": "ipython",
    "version": 3
   },
   "file_extension": ".py",
   "mimetype": "text/x-python",
   "name": "python",
   "nbconvert_exporter": "python",
   "pygments_lexer": "ipython3",
   "version": "3.6.9"
  }
 },
 "nbformat": 4,
 "nbformat_minor": 2
}
